A Vulnerability to Hack The World - CVE-2023-4863

Citizen Lab discovered BLASTPASS, a 0day in the WebP image format that is being actively exploited. Tracked as CVE-2023-4863 and CVE-2023-41064, the issue in WebP's build Huffman table function can lead to a heap buffer overflow. This vulnerability is very interesting and I'm excited to share with you what I learned.

WebP Fix Commit: /902bc9190331343b2017211debcec8d2ab87e17a

Software Updates: Apple, Chrome, Firefox, Android

Whose CVE is it Anyway?

References: 2014 bug introduction, enough.c

Chapters:
00:00 - Intro to CVE-2023-4863
01:32 - Most Valuable Vulnerability?
03:02 - Heap Overflow Related to Huffman Trees
03:58 - Learning about Huffman Codes
06:24 - What are Huffman Tables?
10:24 - Hardcoded Table Sizes (enough.c)
12:21 - Code Walkthrough - BuildHuffmanTable()
13:04 - The code_lengths[] and count[] Arrays
15:14 - Difference Between Compression and Decompression!
17:04 - Outro